# options for analysis running
run:
  # default concurrency is a available CPU number
  concurrency: 4

  # timeout for analysis, e.g. 30s, 5m, default is 1m
  timeout: 20m

  # exit code when at least one issue was found, default is 1
  issues-exit-code: 1

  # include test files or not, default is true
  tests: true

  # default is true. Enables skipping of directories:
  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
  skip-dirs-use-default: true

  # which dirs to skip: they won't be analyzed;
  # can use regexp here: generated.*, regexp is applied on full path;
  # default value is empty list, but next dirs are always skipped independently
  # from this option's value:
  #   	vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
  #  skip-dirs:
  #    - ^test.*

  # by default isn't set. If set we pass it to "go list -mod={option}". From "go help modules":
  # If invoked with -mod=readonly, the go command is disallowed from the implicit
  # automatic updating of go.mod described above. Instead, it fails when any changes
  # to go.mod are needed. This setting is most useful to check that go.mod does
  # not need updates, such as in a continuous integration and testing system.
  # If invoked with -mod=vendor, the go command assumes that the vendor
  # directory holds the correct copies of dependencies and ignores
  # the dependency descriptions in go.mod.
  modules-download-mode: readonly

  # which files to skip: they will be analyzed, but issues from them
  # won't be reported. Default value is empty list, but there is
  # no need to include all autogenerated files, we confidently recognize
  # autogenerated files. If it's not please let us know.
  skip-files:
  #  - ".*\\.my\\.go$"
  #  - lib/bad.go

# all available settings of specific linters
linters-settings:
  govet:
    enable:
      - nilness
  goimports:
    local-prefixes: github.com/cilium/cilium
  staticcheck:
    go: "1.20"
  unused:
    go: "1.20"
  goheader:
    values:
      regexp:
        PROJECT: 'Cilium|Hubble'
    template: |-
      SPDX-License-Identifier: Apache-2.0
      Copyright Authors of {{ PROJECT }}
  gosec:
    includes:
      - G402
  gomodguard:
    blocked:
      modules:
        - github.com/miekg/dns:
            recommendations:
              - github.com/cilium/dns
            reason: "use the cilium fork directly to avoid replace directives in go.mod, see https://github.com/cilium/cilium/pull/27582"
        - gopkg.in/check.v1:
            recommendations:
              - testing
              - github.com/stretchr/testify/assert
            reason: "gocheck has been deprecated, see https://docs.cilium.io/en/latest/contributing/testing/unit/#migrating-tests-off-of-gopkg-in-check-v1"
        - go.uber.org/multierr:
            recommendations:
              - errors
            reason: "Go 1.20+ has support for combining multiple errors, see https://go.dev/doc/go1.20#errors"

  stylecheck:
    checks: ["ST1019"]

issues:
  # Excluding configuration per-path, per-linter, per-text and per-source
  exclude-rules:
    - linters: [staticcheck]
      text: "SA1019"                  # this is rule for deprecated method
    - linters: [staticcheck]
      text: "SA9003: empty branch"
    - linters: [staticcheck]
      text: "SA2001: empty critical section"
    - linters: [goerr113]
      text: "do not define dynamic errors, use wrapped static errors instead" # This rule to avoid opinionated check fmt.Errorf("text")
    # Skip goimports check on generated files
    - path: \\.(generated\\.deepcopy|pb)\\.go$
      linters:
        - goimports
    # Skip goheader check on files imported and modified from upstream k8s
    - path: "pkg/ipam/(cidrset|service)/.+\\.go"
      linters:
        - goheader

linters:
  disable-all: true
  enable:
    - goerr113
    - gofmt
    - goimports
    - govet
    - ineffassign
    - misspell
    - staticcheck
    - stylecheck
    - unused
    - goheader
    - gosec
    - gomodguard
    - gosimple

# To enable later if makes sense
#    - deadcode
#    - errcheck
#    - gocyclo
#    - golint
#    - gosec
#    - gosimple
#    - lll
#    - maligned
#    - misspell
#    - prealloc
#    - structcheck
#    - typecheck
